Malware In App Store Gives Away iCloud Password

Things haven't been going so well for Apple and the iPhone team of late. First, there was a pretty severe flaw in the newest iOS operating system that would have allowed malware to get onto the device via AirDrop. Now tons of Chinese apps hosted on the official App Store have turned out to be infected with code that took information from users' phones and used it for identity theft.

The outbreak is much worse than previously thought, though: the claim is that it affected not just new apps but some of the older, more popular apps as well. WeChat, a messaging and social networking app, carried the threat. Forbes believes that the attackers are looking for login details and other crucial pieces of data.

The attackers set out to exploit the trust developers place in third-party downloads of Xcode, a developer tool for apps. Those downloads had been altered so that any app built with the modified Xcode carried malware, which grabbed information that doesn't really seem like it would be a problem, such as the phone name and some network information. Researchers from Chinese tech titan Alibaba aptly dubbed the rogue code XcodeGhost.

Palo Alto Networks found the code after it had been served from Baidu's cloud and made its way into Apple's App Store.

However, Palo Alto Networks senior researcher Claud Xiao revealed to Forbes that the code isn't as innocuous as previously thought because “it can be remotely controlled by the attacker to phish or exploit local system or app vulnerabilities”. This means that the code can actually let hackers get into your phone.

Ryan Olson, an intelligence director at Palo Alto Networks, explains more: “After contacting the command and control server to upload information about the infected device, the malware retrieves an encrypted response from the server. This response contains multiple possible commands. One of them specifies a message to send to the user in the form of an alert prompt.”

He then goes on to say that they “have evidence that this was used to ‘phish’ iCloud credentials from users of infected apps. The response can also contain a URL which the app will then open. We don’t know how this is being used, but it could be used to send other apps on the phone to potentially malicious resources.”

At first, many thought that this hack would only impact Chinese users, but hundreds of millions of users from all over the world are actually affected. One app in particular, CamCard, will hit the US market. The WeChat app has been updated.

To see a full list of the apps impacted by the code, visit the Palo Alto blog.